Your Passwords Are Worse Than You Think (and the Easiest Ways to Fix Them)
Rejoice, because today is World Password Day! You won’t have a day off, but you will be reminded that your security is likely to be at great risk. Whether you’re using the same password for multiple accounts (don’t lie, I know you do) or using simple passwords because they’re “easy to remember”, you need World Password Day.
Google conducted a survey of 4,000 American adults to understand what steps they take to keep their digital lives safe. In short, not many. The survey found that while nearly 40% of Americans have experienced a personal data breach, 20% admit to using simple passwords that anyone could guess. Put another way: pick any five people, and one of them is logging in with something like “password”.
To make matters worse, more than half of respondents have used personal information in a password, such as their own name or birthday, or the name of a partner, child, friend, family member, or pet, and 65% say they reuse passwords across accounts. This is bad news.
What makes a good password?
Let’s start with the passwords themselves, which should be two things: strong and unique. A strong password is one that is difficult for both humans and computers to guess. It’s far more obvious how to make a password that keeps your roommate out than one that withstands a brute-force attack (simply feeding password after password into the system until one matches).
A computer will guess your password if it consists of commonly used dictionary words, even if you have cleverly replaced some of the letters with numbers or special characters. An attacker will crack “t3l3v!s!0n” about as fast as “television”, because cracking software tries those substitutions automatically.
Traditionally, a long random password has been recommended as the best approach. No one can guess a password like “Sj12#8)23&$k51*as.x*3rffalwo@74d*23”, and it will most likely take a computer some time to crack it.
But in fact, you do not need a password that is hard to remember. A password made of a short string of random words can be just as hard to crack for everyday purposes. XKCD has a famous webcomic on the subject: “correcthorsebatterystaple” is a strong password that’s easy to remember. A human would never guess such a password, and a computer would have to try far too many combinations of dictionary words before it hit on it.
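To make the two attacker models above concrete, here is an added example (mine, not code from the original article) that estimates how many guesses each kind of password costs an attacker: per-character brute force versus a dictionary attack that undoes letter-for-symbol substitutions. It assumes a tiny constructed word list standing in for a real Diceware-style dictionary, a 2,048-word dictionary size for the passphrase estimate (the figure behind the roughly 44 bits in the XKCD comic), a made-up guessing rate, and a substitution table that is my own guess at what a cracking rule set would try.

```python
from __future__ import annotations

import math
import secrets

# Constructed stand-in for a real word list; a Diceware list has 7776 entries.
WORDS = ["correct", "horse", "battery", "staple", "television", "sunset",
         "tractor", "marble", "window", "coffee", "planet", "river"]

# Assumed substitution table: the kind of rule a cracking tool applies so that
# "t3l3v!s!0n" is tried as cheaply as "television".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize_leet(pw: str) -> str:
    """Undo common letter-for-symbol substitutions and lower-case the result."""
    return pw.translate(LEET).lower()


def split_into_words(pw: str, words) -> list[str] | None:
    """Return pw as a list of dictionary words if it is a concatenation of
    them, otherwise None (dynamic programming over prefixes)."""
    wordset = set(words)
    best: dict[int, list[str]] = {0: []}
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if start in best and pw[start:end] in wordset:
                best[end] = best[start] + [pw[start:end]]
                break
    return best.get(len(pw)) if pw else None


def charset_entropy_bits(pw: str) -> float:
    """Search space in bits if the attacker brute-forces every character
    position over the character classes the password uses."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(not c.isalnum() for c in pw):
        pool += 32  # printable ASCII punctuation
    return len(pw) * math.log2(pool) if pool else 0.0


def passphrase_entropy_bits(n_words: int, dictionary_size: int) -> float:
    """Search space in bits for n_words drawn uniformly from a dictionary."""
    return n_words * math.log2(dictionary_size)


def effective_entropy_bits(pw: str, words, dictionary_size: int) -> float:
    """Take the cheaper of the two attacks: dictionary words (after undoing
    substitutions) or per-character brute force."""
    parts = split_into_words(normalize_leet(pw), words)
    brute = charset_entropy_bits(pw)
    if parts is None:
        return brute
    return min(brute, passphrase_entropy_bits(len(parts), dictionary_size))


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at the given rate (an assumed figure)."""
    return 2 ** bits / guesses_per_second


def generate_passphrase(n_words: int, words) -> str:
    """Pick words with the secrets module (not random.choice) so the
    passphrase is unpredictable."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    rate = 1e10  # assumed: offline guesses per second against a fast hash
    for pw in ["television", "t3l3v!s!0n", "correcthorsebatterystaple",
               "Sj12#8)23&$k51*as.x*3rffalwo@74d*23"]:
        bits = effective_entropy_bits(pw, WORDS, 2048)
        print(f"{pw:40} {bits:6.1f} bits  ~{seconds_to_exhaust(bits, rate):.3g} s")
    print("suggested passphrase:", generate_passphrase(4, WORDS))
```

The point the numbers make: “t3l3v!s!0n” looks like a 61-bit brute-force job, but once the substitutions are undone it is a single dictionary entry and costs the attacker about 11 bits; the four-word passphrase is charged about 44 bits against a dictionary attack, while the long random string remains out of reach of both models.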
I’m a big fan of Computerphile’s video that breaks these ideas down:
A password manager can do all the hard work for you
However, a strong password is only half the equation. You also need a unique strong password for each of your accounts. However hard your new password is to crack, you should never use it more than once. Cracking isn’t the only way an attacker can learn a password: if a careless company gets hacked, your password can be stolen in the breach. Once that happens, attackers will try your password against every account they can, and if you reused it, those accounts are compromised too.
So using a unique password for every account is the best approach. Fortunately, you don’t need to go through the steps above for every login. If you use a password manager, you only need to follow this procedure once. A password manager like Bitwarden or LastPass can automatically generate strong, unique passwords for each of your accounts and store them in an encrypted vault that can only be opened with a master password. You create one strong, unique password to remember, and you have access to your entire password library whenever you need it.
If you need guidance to get started, check out our list here.
A password is only good until someone guesses it.
So we know that our strong, unique passwords should be stored in a password manager protected by one strong, unique master password. But those passwords shouldn’t just sit there forever. As mentioned, a password can be cracked or leaked in a company breach. That certainly highlights the importance of not reusing passwords (seriously, please don’t reuse your passwords), but it also highlights the need to change passwords from time to time.
It’s not a fun process, but it’s the only way to ensure that a compromised password can’t be used against you. If an attacker somehow gets hold of your bank password, it does them no good if you changed those credentials during a scheduled check. Many password managers include a link to the website in question so you can change the password quickly, and some, like Dashlane, go further and will change the password on the website for you whenever you ask.
Always use two-factor authentication when available
In addition to good password practice, you should also use 2FA (two-factor authentication) whenever it’s offered. More and more accounts and services are using 2FA as a second line of defense for your security, and for good reason.
We’ve covered two-factor authentication in detail before, but here’s a reminder: with two-factor authentication enabled, after you correctly enter your account password you must also provide a code from a trusted device to finish signing in. That code is usually delivered by SMS or generated by an authenticator app. Some password managers even have a built-in code generator, which lets you keep all your security methods in one convenient place. Enter the code and you’re in; without it, you’re not.
Using 2FA helps ensure that a leaked password doesn’t completely compromise your account: an attacker can enter your correct password all they want, but without access to the 2FA code, they’re stuck. This is why 2FA scams are on the rise, and why you should never share your 2FA code with anyone. The companies and services you use 2FA with will never contact you out of the blue to ask for these codes. If you unexpectedly receive a phone call or email from one of these “organizations” asking you to read out your 2FA code to verify your identity, ignore it.
We could talk all day about the various steps you can take to keep your digital life safe. However, following these password and 2FA tips goes a long way and gives you a big edge. Use strong unique passwords, set up two-factor authentication, and don’t share those credentials with anyone, and you’ll be celebrating World Password Day every day.